Log Correlation Engine 3.6 – Now with its own GUI
January 5, 2011<p>Tenable Network Security has released version 3.6 of the <a href="http://www.nessus.org/products/lce/" target="_self">Log Correlation Engine</a>. This new version includes many performance enhancements as well as its own web-based user interface. This blog entry describes the new user interface, the increased performance and the new features of LCE 3.6.</p>
SSL Certificate Authority Auditing with Nessus
December 28, 2010<p>Do you know where all of your organization’s SSL certificates are and if they are providing enough protection to you and your customers? Nessus can be used to identify all SSL certificates in use, test if they are expired and with the advent of plugin # <a href="http://www.tenable.com/plugins/index.php?view=single&id=51192">51192</a>, test that they have been securely signed by a valid certificate authority. This blog entry will review Nessus’s SSL certificate auditing ability and describe how plugin #51192 can help monitor your network for untrustworthy SSL certificates.</p>
Introducing the Nessus Perimeter Service : redefining the cost of online scanning
December 7, 2010 Have you ever wanted to run an external Nessus vulnerability audit of your DMZ but didn’t have access to a Nessus scanner located on the outside of your network? Tenable Network Security now off...
Tenable at Black Hat USA 2010!
July 12, 2010<p>July hasn’t been hot enough for me and some of the other Tenable staffers, so we will be heading to the desert of Las Vegas in a few weeks to attend <a href="https://www.blackhat.com/html/bh-us-10/bh-us-10-home.html" target="_blank">Black Hat USA 2010</a>! Since 1997, the Black Hat conference has provided a neutral ground for security researchers, government agencies and information security professionals to integrate their varied perspectives. This will be my ninth year at Black Hat and I’ve always found it to be an intense couple of days meeting up with almost everyone I know in the Infosec field. I’m delighted that Tenable will be represented in the Black Hat Trainings, Black Hat Briefings, Black Hat vendor area and <a href="http://www.defcon.org/html/defcon-18/dc-18-index.html" target="_blank">DEF CON</a> this year.</p><p></p> <p>Tenable’s Product Evangelist, Paul Asadoorian, will be teaching two sessions of a brand-new (seriously – we’re still editing it) <a href="http://blackhat.com/html/bh-us-10/training/bh-us-10-training_TEN-AdvNessus.html" target="_blank">Advanced Nessus Training Class</a>.</p> <p>This class is intended for those who are already familiar with Nessus and will cover special techniques and testing situations that you may not be familiar with. There will be a lot of hands-on lab work, assisted by Tenable’s lead Trainer, David Poynter (so that Paul can keep talking, one of his favorite activities). The first session will be held on Saturday and Sunday (July 24 & 25) and the second session on Monday and Tuesday (July 26 & 27). There are still a few seats open in both sessions, but they are filling up fast!</p>
Tenable Network Security Podcast - Episode 41
July 6, 2010<p>Welcome to the Tenable Network Security Podcast - Episode 41</p> <p>Hosts: Paul Asadoorian, Product Evangelist & Kelly Todd, Compliance Analyst</p> <h3>Announcements</h3> <ul> <li>Several new blog posts have been published this week, including: <ul> <li><a href="http://blog.tenablesecurity.com/2010/07/research-spotlight-the-evil-that-bots-do.html">Research Spotlight: The Evil That Bots Do</a></li> <li><a href="http://blog.tenablesecurity.com/2010/06/event-analysis-training---analyzing-outbound-sql-queries.html">Event Analysis Training - Analyzing Outbound SQL Queries</a></li> </ul> </li> <p><li>New Nessus training is now being offered at conferences! - The new course titled "Advanced Vulnerability Scanning Techniques Using Nessus" is now being offered at both <a href="http://www.blackhat.com/html/bh-us-10/training/bh-us-10-training_TEN-AdvNessus.html">Black Hat Las Vegas 2010</a> and <a href="http://2010.brucon.org/index.php/Training#Training_.235:_Advanced_Vulnerability_Scanning_Techniques_Using_Nessus">BruCon 2010</a>. It's a two-day course that will put students into a real-world environment where they will have to solve problems and identify vulnerabilities using the advanced features of the Nessus vulnerability scanner. <br /> <li>Be certain to check out <a href="http://www.youtube.com/tenablesecurity">our video channel on YouTube</a> that contains the latest Nessus tutorials.</li><br /> <li><a href="http://www.nessus.org/about/index.php?view=careers">We're hiring</a>! - Visit the web site for more information about open positions. There are currently 10 open positions listed, including a <a href="http://www.nessus.org/about/index.php?view=jobs_web_coordinator">Digital/Web Strategy Coordinator.</a></li><br /> <li>You can subscribe to the <a href="http://itunes.apple.com/us/podcast/tenable-network-security-podcast/id361250581">Tenable Network Security Podcast on iTunes!</a></li><br /> <li>Tenable Tweets - You can find us on Twitter at <a href="http://twitter.com/tenablesecurity">http://twitter.com/tenablesecurity</a> where we make various announcements, provide Nessus plugin statistics and more!</li><br /> </ul></p>
Tenable Black Hat USA 2010 Party !
June 25, 2010 Attending Black Hat USA 2010? Tenable Network Security appreciates our customers and Nessus users and would like to invite you to a party at Margaritaville, across the street from Ca...
Tenable Network Security Podcast - Episode 26
March 17, 2010<p>Welcome to the Tenable Network Security Podcast - Episode 26</p> <h3>Announcements</h3> <ul> <li>Two new blog posts have been released titled "<a href="http://blog.tenablesecurity.com/2010/03/value-of-credentialed-scanning.html">The Value Of Credentialed Vulnerability Scanning</a> and <a href="http://blog.tenablesecurity.com/2010/03/microsoft-patch-tuesday---march-2010---it-wont-happen-to-me-edition.html">Microsoft Patch Tuesday - March 2010 - "It Won't Happen To Me" Edition</a>. </li> <li>You can provide feedback to this podcast and all of our social media outlets by visiting our discussions forum and adding messages to the "<a href="https://discussions.nessus.org/community/social">Tenable Social Media</a>" thread. I would love to hear your feedback, questions, comments and suggestions! <a href="https://discussions.nessus.org/thread/2018">I put up a call for ideas on new Nessus videos</a>, so please give us your feedback!</li> <li><a href="http://www.nessus.org/about/index.php?view=careers">We're hiring</a>! - Visit the web site for more information about open positions, there are currently 7 open positions listed! </li> <li>You can subscribe to the <a href="http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=329735657">Tenable Network Security Podcast on iTunes!</a></li> <li>Tenable Tweets - You can find us on Twitter at <a href="http://twitter.com/tenablesecurity">http://twitter.com/tenablesecurity</a> where we make various announcements, Nessus plugin statistics and more!</li> </ul> <p>Interview - Ron Gula - CCDC Recap</p> <div style="text-align:center;"><img src="http://tenable.typepad.com/.a/6a00d8345495f669e20120a9427862970b-pi" alt="2010_CCDC.png" border="0" width="260" height="86" /></div> <p>Ron Gula and I discuss our experiences at the 2010 Collegiate Cyber Defense Exercise held this past weekend in Columbia, MD.<br /> </p>
Tenable Network Security Podcast - Episode 23
February 15, 2010Welcome to the Tenable Network Security Podcast - Episode 23 <h3>Announcements</h3> <ul> <li>Two new blog posts have been released titled "<a href="http://blog.tenablesecurity.com/2010/02/microsoft-patch-tuesday---february-2009---from-microsoft-with-love-edition.html">Microsoft Patch Tuesday - February 2010 - "From Microsoft with Love" Edition</a>" and <a href="http://blog.tenablesecurity.com/2010/02/shmoocon-2010-security-conference.html">Shmoocon 2010 Security Conference</a>.</li> <li>A webinar is scheduled for February 25, 2010 titled, "<a href="http://blog.tenablesecurity.com/2010/01/finding-and-stopping-advanced-persistent-threats-webinar.html">Finding and Stopping Advanced Persistent Threats</a>" where Tenable CEO Ron Gula and Tenable CSO Marcus Ranum will discuss strategies for preventing, finding and eliminating advanced persistent threats in enterprise networks. </li> <li>You can provide feedback to this podcast and all of our social media outlets by visiting our discussions forum and adding messages to the "<a href="https://discussions.nessus.org/community/social">Tenable Social Media</a>" thread. I would love to hear your feedback, questions, comments, and suggestions! <a href="https://discussions.nessus.org/thread/2018">I put up a call for ideas on new Nessus videos</a>, so please give us your feedback!</li> <li><a href="http://www.nessus.org/about/index.php?view=careers">We're hiring</a>! - Visit the web site for more information about open positions, there are currently 12 open positions listed! </li> <li>You can subscribe to the <a href="http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=329735657">Tenable Network Security Podcast on iTunes!</a></li> <li>Tenable Tweets - You can find us on Twitter at <a href="http://twitter.com/tenablesecurity">http://twitter.com/tenablesecurity</a> where we make various announcements, Nessus plugin statistics, and more!</li> </ul>
Afterbites with Marcus Ranum: Gartner & Two-Factor Authentication
December 17, 2009<p>Afterbites is a blog segment in which Marcus Ranum provides more in-depth coverage and analysis of the SANS NewsBites newsletter. This week Marcus will be commenting on the following article:</p> <p><strong>Gartner Report Says Two-Factor Authentication Isn't Enough</strong><br /> (December 14, 2009)</p> <blockquote><cite>A report from Gartner says that two-factor authentication is not providing adequate security against fraud and online attacks. Specifically, Trojan-based, man-in-the-middle browser attacks manage to bypass strong two-factor authentication. The problem resides in authentication methods that rely on browser communications. The report predicts that while bank accounts have been the primary target of such attacks, they are likely to spread "to other sectors and applications that contain sensitive valuable information and data." Gartner analyst Avivah Litan recommends "server-based fraud detection and out-of-band transaction verification" to help mitigate the problem.</cite></blockquote> <p><strong>References:</strong> <a href="http://www.eweek.com/c/a/Security/2Factor-Authentication-Falling-Short-for-Security-Gartner-Says-303095/">2-Factor Authentication Falling Short for Security, Gartner Says</a> & <a href="http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=222001977">Strong Authentication Not Strong Enough</a> </p> <p>I found this article interesting because it typifies, for me, the end result of the "whack-a-mole" approach to computer security. Certain technologies are sold as "security enablers" but customers don't seem to understand (and/or aren't informed) of the reality: security is a top-to-bottom problem that doesn't have any single place where you can add a widget that'll magically make you safe.<br /> </p>
Tenable Network Security Podcast - Episode 7
October 13, 2009<p>Welcome to the Tenable Network Security Podcast - Episode 7</p> <h3>Announcements</h3> <ul><li>New blog post going up today on the experiences at Cyberdawn, a cyber exercise that puts hackers against defenders in a realistic environment.</li> <li>Attention Security Center customers! A new version of Security Center, 3.4.5, has been released and is available for download in the customer support portal (Security Center customers can find the<a href="https://discussions.nessus.org/message/3615#3615"> release notes</a> the <a href="http://discussions.nessus.org">discussion portal</a>). It includes such improvements as web application scanning support.</li> <li>Paul Asadoorian was interviewed on <a href="http://feedproxy.google.com/~r/securabitsite/~3/vqaj5nGH63I/">Securabit Episode 40</a> and discusses all things Nessus and some of the features in our enterprise products such as Security Center and the Passive Vulnerability Scanner (PVS)</li> <li>Paul Asadoorian spoke at the <a href="http://www.louisvilleinfosec.com/">Louisville Infosec conference</a> on web application security on October 7, 2009</li> <li>As always be sure to check out our blog at <a href="http://blog.tenablesecurity.com">http://blog.tenablesecurity.com</a></li></ul> <h3>Interview: John Bos - <a href="http://www.cybrexllc.com/">Cybrex, LLC</a></h3> <table class="image" align="center"> <tr><td><div style="text-align:center;"><img src="http://tenable.typepad.com/.a/6a00d8345495f669e20120a5e061d8970b-pi" alt="John_Bos.png" border="0" width="320" height="240" /></div></td></tr> <caption align="bottom"><strong>John Bos joins us to talk about his 10 years of experience with the Defcon CTF and his team "sk3wl0fr00t".</strong></caption> </table>
Logs of Our Fathers
September 22, 2009<p>At USENIX in Anaheim, back in 2005, George Dyson treated us to a fantastic keynote speech about the early history of computing. You can catch a videotaped reprise of it <a href="http://www.ted.com/talks/lang/eng/george_dyson_at_the_birth_of_the_computer.html" target="_blank">here, on the TED site</a>. I highly recommend it - there's lots of interesting and quirky stuff. I managed to talk him into giving me a copy of his powerpoint file, and subsequently tracked him down and am re-posting this material with his permission.</p> <h3>November, 1951 </h3> <p style="TEXT-ALIGN: center"><a href="http://www.ranum.com/security/computer_security/papers/ur-syslogs/first_syslog.jpg" target="_blank"><img border="0" height="375" src="http://www.ranum.com/security/computer_security/papers/ur-syslogs/t/first_syslog.jpg" width="500" /></a> <br /><strong>Machine Log #1</strong></p>
Event Analysis Training – “Could you look at some odd IRC Connections?”
July 29, 2009<p>At one of the research sites that we monitor, an analyst noted that a few servers were consistently making a large number of IRC connections. These connections occurred in a periodic manner and appeared to be automated. This blog entry describes the various steps taken in analyzing the connections and historical data. We used Tenable’s log analysis, network monitoring and passive profiling solutions to perform this analysis, but the principals could be applied to various SIMs, NBADs and analytical tools.</p><p> </p>